December 28, 2024
AI is not a deterministic abstraction like a compiler; it is a probabilistic accelerator. It compresses the time between conception and verification while dramatically increasing the cost of failing to verify. This essay argues for a verification-first discipline when using AI-assisted development tools.
Software development has always been an act of managed complexity. From assembly language to garbage-collected runtimes, each generation inherits tools that encode decisions their creators no longer need to re-litigate. The story we tell ourselves is one of triumphant abstraction: compilers freed us from machine code, frameworks freed us from memory management, and now AI promises to free us from the mechanical translation of intent into logic.
But this framing commits a category error that misleads more than it clarifies. AI is not a deterministic abstraction like a compiler; it is a probabilistic accelerator. It does not eliminate the need to understand what we build—it compresses the time between conception and verification while dramatically increasing the cost of failing to verify.
The question is not whether AI will replace programmers, but whether we will develop the discipline to wield acceleration without sacrificing correctness.
To understand the shift, consider the nature of the tools we have long taken for granted. When a compiler transforms C into machine code, or a type checker proves the absence of certain errors before runtime, it operates within a formal system. The mapping is deterministic, reversible in principle, and grounded in decades of specification. These are harnesses—constrained systems that amplify human capability while preserving guarantees.
The danger of AI is that it feels like a harness but behaves like an unconstrained system. It generates approximate solutions to underspecified problems, drawing on statistical patterns rather than logical necessity. Calling this “abstraction” suggests the details are merely hidden when in fact they are unknowable without explicit verification.
A more honest term is probabilistic automation: a tool that accelerates production while requiring a commensurate acceleration of human vigilance.
This distinction is what my colleague Dave grasps instinctively when he refuses to let AI-generated code near the authentication service. His concerns, once dismissed as curmudgeonly, now reveal themselves as precisely the right questions.
The answer is not that you avoid AI, but that you never deploy its output without first building a cage of verification. You debug not by tracing the model’s reasoning—which is impossible—but by treating the code as a black box with a contract. You log inputs and outputs obsessively. You canary deploy with circuit breakers. You ensure you can roll back in seconds, not minutes.
The model’s opacity does not eliminate debuggability; it transposes the problem from “why did it write this?” to “under what conditions does this contract fail?”
This is the junior paradox. If AI demands more foundational knowledge to use safely—because you must spot subtle errors in generated code—how do novices acquire that knowledge when the tool tempts them to skip the formative struggle?
The answer is unsatisfying but necessary: we must redesign apprenticeship. Juniors should use AI to explore, not to implement. They should prompt it to generate five different solutions to a problem, then manually trace why four of them fail. They should treat generated code as an adversarial code review exercise, where the AI is a clever but careless senior engineer whose work must be refactored.
Learning now means learning verification first and implementation second.
You cannot ensure this, any more than you can ensure a human never commits a vulnerability. But you can enforce a verification doctrine that treats AI-generated code as radioactive until proven safe. The difference is that AI can generate vulnerable patterns at scale, so your defenses must also scale.
The rule is simple: AI proposes, but humans dispose—and humans must dispose via verification, not gut feeling.
This doctrine is not theoretical. Here is a technical vignette from our own systems.
We tasked an AI with generating a Redis-based rate limiter for a high-throughput API. The prompt was precise: enforce 1000 requests per minute per API key, minimize latency, handle Redis failures gracefully. The AI produced elegant code: a Lua script executed atomically on Redis, sliding window logic, exponential backoff for failed connections.
It looked correct. It passed unit tests. It passed integration tests. But during load testing, we observed cache stampedes under thundering herd conditions. When a popular API key expired its window, hundreds of requests would simultaneously trigger Lua execution, overwhelming Redis and causing cascading failures.
The bug was subtle. The AI had implemented a sliding window but had not introduced jitter or request coalescing around window boundaries. It was a failure of operational semantics, not algorithmic correctness—a distinction a junior might miss but a senior would anticipate.
We caught it because our verification doctrine requires stress testing with realistic load patterns and mandatory code review by an engineer who owns the operational semantics.
The lesson was not that AI failed, but that AI accelerates the draft while correctness still demands expertise. The tool saved us two days of implementation but cost us four hours of verification—still a net gain, but only if we verified.
Every AI-generated artifact must be reviewed against this six-point checklist, with answers documented in the commit:
Invariants, failure modes, boundary conditions: What must remain true? How can this fail? What happens at scale?
Performance complexity: What are the time and space guarantees? Are there hidden O(n2) loops in hot paths?
Concurrency model: Is it thread-safe? Does it avoid deadlock? Have race conditions been proven absent?
Security posture: Does it handle untrusted input? Are secrets masked in logs? What’s the blast radius?
Tests: Are there property-based tests for invariants? Do integration tests cover failure injection?
Observability + rollback: Are metrics emitted? Can we roll back in under five minutes?
The framing of intent → logic remains central. AI excels at bridging this gap when the logic is well-understood and the intent is clear. But the moment we enter novel territory—new concurrency patterns, custom consensus protocols, security-critical authentication—the model regresses to the mean of its training data. It generates plausible solutions to similar problems, not correct solutions to your problem.
This implies a new division of labor:
The human defines the invariant; the AI explores the solution space.
The human writes the property-based test; the AI generates candidates to satisfy it.
The human owns the operational semantics; the AI optimizes the implementation.
This is not a weakening of the programmer’s role but a concentration on the parts that require understanding rather than production.
We must also abandon the comforting myth that previous generations understood their entire stack. Most production developers have always relied on layers they don’t fully understand. The TCP stack, the JIT compiler, the NAND flash translation layer—these are black boxes that we trust through contract and testing, not mastery. The difference is that these black boxes are stable. AI-generated code is not.
The calm, correct posture is one of skeptical acceleration: we move fast because we verify thoroughly.
AI use without tests is malpractice. No AI-authored code merges without human-owned spec and tests.
The spec—whether written as a docstring, a type signature, or a TLA+ model—is the human’s bid for correctness. The tests are the proof. The AI is merely a compiler for intent, and like a compiler, it is only as good as the rigor of the source material.
The future of software is not AI writing code that humans ignore. It is humans writing ironclad specifications that AI helps implement faster. It is juniors learning verification before implementation. It is seniors demanding verification doctrine before deployment.
We stand at an inflection point where the economics of code production have inverted. Code is cheap; correctness is expensive. The teams that thrive will be those that treat AI as what it is: a probabilistic accelerator that demands deterministic discipline.
Implement the six-point verification doctrine as a mandatory checklist in your code review process for any AI-generated code.
Redesign junior mentorship to focus on verification-first learning: have juniors use AI to generate code specifically for the purpose of finding its failures.
Establish a “probabilistic automation” policy that explicitly labels AI output as requiring higher verification standards than human-written code, not lower.